There’s a newly discovered flaw in macOS (and OS X) that could let miscreants peep on you through your webcam. The flaw lets malware lurk in the background, waiting for you to make use of your built-in webcam, and then activate, recording both video and audio. IT security experts from Redscan, ESET and AlienVault commented below.
Robert Page, Lead Penetration Tester at Redscan:
“Video conferencing has become so important to the way that we communicate daily with family, friends and colleagues that more needs to be done by hardware and software manufacturers to improve security of webcams.
Taping up a webcam when not in use is probably one of the most practical steps that users can take to protect themselves against this type of malware. Users should consider however that sticky tape isn’t always that effective at concealing microphones, with audio invariably more valuable to hackers than video. The value of video to criminals is likely to increase in the future however as facial recognition technology used in areas such as banking becomes more widespread.
Another important tip is to exercise vigilance when using services like Skype or Facetime. Avoiding disclosing personal and sensitive information that could be utilised by hackers.
In business, many organisations are responding to the vulnerabilities posed by webcams by raising employee awareness and controlling access through company risk management policy.”
Mark James, Security Specialist at ESET:
“Using a good multi-layered security solution will give you a good level of protection if your laptop or pc does not allow unplugging the webcam (if it’s external) or physically switching it off. Although we talk about sticking some tape on your camera, let’s not forget many companies have produced moulded sliding covers both free and paid for that fit over your laptop webcam and enable you to cover or uncover the camera as needed.
Ensuring security software is installed and regularly updating should keep you safe from rogue malware trying to take over your webcam. You could also consider group policies that disable or limit the ability of the camera to operate or even only use external cameras that can be disconnected.
Organisations need to understand all the attack footprints of our modern IT hardware. Understanding the risks and monitoring our hardware, for “out of place” tells, could warn us of potential problems. This could simply be a green light on the webcam when it is not technically being used.
Keeping your webcam covered or unplugged is an extra precaution that should not be overlooked. Keeping your operating systems, applications and internet security product patched and updating regularly will keep you safer and most importantly communicate with whoever is in charge of your security about any suspected security risks.”
Javvad Malik, Security Advocate at AlienVault:
“I once worked for a company that, for sensitive projects, would resort to physically opening up laptops and disconnecting the webcam.
In reality, there doesn’t seem to be any viable – scalable solution available for enterprises beyond what is currently in place to prevent malware getting onto machines, and detecting and trying to block outbound connections.
At least from a video perspective, webcam covers or sticky tape seems to be a viable workaround.
The alternative is the Muckerberg Privacy Pro: https://youtu.be/d1Y-GCubt58”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.